Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2024-49370

    Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimc... Read more

    Affected Products : pimcore
    • Published: Oct. 23, 2024
    • Modified: Nov. 06, 2024

  • 8.5

    HIGH
    CVE-2024-47904

    A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected device... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024

  • 9.1

    CRITICAL
    CVE-2024-47903

    A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of a... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-47902

    A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of a... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024

  • 10.0

    CRITICAL
    CVE-2024-47901

    A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of a... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-47575

    A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet For... Read more

    Affected Products : fortimanager fortimanager_cloud
    • Actively Exploited
    • Published: Oct. 23, 2024
    • Modified: Nov. 08, 2024

  • 5.8

    MEDIUM
    CVE-2024-30122

    HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.... Read more

    Affected Products : sametime
    • Published: Oct. 23, 2024
    • Modified: Nov. 25, 2024

  • 7.5

    HIGH
    CVE-2024-10290

    A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The ... Read more

    Affected Products : zzcms
    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024

  • 9.0

    HIGH
    CVE-2024-10283

    A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buf... Read more

    Affected Products : rx9_pro_firmware rx9_pro rx9_firmware
    • Published: Oct. 23, 2024
    • Modified: Nov. 01, 2024

  • 9.0

    HIGH
    CVE-2024-10282

    A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-base... Read more

    Affected Products : rx9_pro_firmware rx9_pro rx9_firmware
    • Published: Oct. 23, 2024
    • Modified: Nov. 01, 2024

  • 6.3

    MEDIUM
    CVE-2024-50050

    Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 24, 2024

  • 9.0

    HIGH
    CVE-2024-10281

    A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. ... Read more

    Affected Products : rx9_pro_firmware rx9_pro rx9_firmware
    • Published: Oct. 23, 2024
    • Modified: Nov. 01, 2024

  • 7.5

    HIGH
    CVE-2024-10280

    A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument ... Read more

    • Published: Oct. 23, 2024
    • Modified: Nov. 01, 2024

  • 6.1

    MEDIUM
    CVE-2024-10250

    The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attack... Read more

    Affected Products : nioland
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 4.7

    MEDIUM
    CVE-2024-10041

    A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to ... Read more

    • Published: Oct. 23, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-10279

    A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. The ... Read more

    Affected Products : cdg
    • Published: Oct. 23, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10278

    A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible... Read more

    Affected Products : cdg
    • Published: Oct. 23, 2024
    • Modified: Nov. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-10289

    Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName.... Read more

    Affected Products : localserver
    • Published: Oct. 23, 2024
    • Modified: Oct. 24, 2024

  • 6.1

    MEDIUM
    CVE-2024-10288

    Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName.... Read more

    Affected Products : localserver
    • Published: Oct. 23, 2024
    • Modified: Oct. 24, 2024

  • 6.1

    MEDIUM
    CVE-2024-10287

    Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName.... Read more

    Affected Products : localserver
    • Published: Oct. 23, 2024
    • Modified: Oct. 24, 2024
Showing 20 of 294530 Results